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1 . 


INTRODUCTION 


1.1 The risk management strategy of the Central Karoo District Municipality deals 
with the major intended and emergent initiatives taken by and involving the 
utilisation of its resources to reduce risk in the District Municipality. 

1.2 These strategies may include acceptance, avoidance, mitigating and 
transferring of risk. 

1.3 The risk management strategy outlines a high-level plan on how the District 
Municipality will go about implementing its risk management policy. 

1.4 The risk management strategy contains the following five main elements: 

1.4.1 Structural Configuration: 

This element describes how the institution will be structured in terms 
of committees and reporting lines to give effect to the risk 
management policy. 

1.4.2 Accountability, Roles and Responsibilities: 

This element describes the authority and delegation of 
responsibilities to give effect to the risk management policy. 

1.4.3 Risk Management Activities: 


This element includes the risk assessment processes and 
methodologies, monitoring activities and risk reporting standards to 
give effect to the risk management policy. 
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1.4.4 


Monitoring of the Achievement of the Risk Management Strategy: 


This element includes assessment of whether or not key milestones 
are achieved. More importantly it is also monitoring whether the risk 
management strategy is producing the sustainable outcomes as 
originally envisaged. 

1.4.5 Assurance Activities: 

This element considers all assurance providers available to the 
institution and integration of their scope of responsibility. 

2. RISK MANAGEMENT STRATEGY 

2.1 Structural Configuration: 

2.1.1 The District Municipality will implement the following structure to give effect to 
its Risk Management Policy. 

2.1.2 Council: The Council will strive within its capacity to achieve the objectives 
set out in Section 152 of the Constitution. 

2.1.3 The Executive Authority will be as follows: 

• For the District Municipality: The Accounting Officer and the 
Directors (Section 57 employees) of the District Municipality. 

2.1.4 The Accounting Officer will be as follows: 

• For the District Municipality: The Municipal Manager; 

• For any Municipal Entity of which this District Municipality is 
the parent: The Chief Executive Officer. 

2.1.5 The Chief Risk officer will be appointed by the Municipal Manager, be it an 
employee with the designation of Chief Risk Officer or an employee with the 
delegated responsibilities of a Chief Risk Officer. 
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2.1.5 The Risk Management Committee will consist of: 

2.1.5.1 A member of the Audit Committee (not in the employ of the 
institution); 

2.1.5.2 Representatives of Senior Management: 

• The Municipal Manager; 

• The Senior Manager: Financial Services (CFO); 

• The Senior Manager: Corporate Services; 

• The Director: Technical Services. 

2.1.6 Standing invitees to the Committee shall be: 

2.1.6.1 Chief Risk Officer; 

2.1.6.2 Chief Audit Executive; 

2.1.6.3 Any other person who me be co-opted to provide specialist skills, 
advice and counsel. 

2.1.7 The Risk Champions will be at least one designated Section Head from each 
of the Directorates of the District Municipality. 

2.1.8 The Audit Committee will be the Committee Members as appointed by 
Council. 

2.1.9 The Internal Audit service will be provided by the District Municipality’s 
Internal Audit Unit or an external service provider (co-sourced / outsourced 
function). 

2.1.10 Other staff, who also have a role in Risk Management, are employees within 
the District Municipality with non-specific risk management responsibilities. 
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3. 


ACCOUNTABILITY, ROLES AND RESPONSIBILITIES 


Legislating the implementation of risk management in public sector institutions is part of a macro strategy of Government towards 
ensuring the achievement of national goals and objectives. 



LEGAL MANDATE 

ROLE AND RESPONSIBILITIES 

EVALUATION 

ACCOUNTING 

The following legislative 

To derive optimal benefits, risk management 

To measure the Accounting 

AUTHORITY 

instruments provide the legal 

ought to be conducted in a systematic manner, 

officer’s effectiveness in 


foundation for the Accounting 

using proven methodologies, tools and 

leading the institution’s ERM in 


Authority’s responsibility for risk 

techniques. 

contributing to the institution’s 


management: 


goals and objectives, clear 



The Accounting Officer must ensure that the 

objectives and key 


For the CKDM: 

responsibility for risk management vests at all 

performance indicators have 


• Section 62(1 )(c) of the 

levels of management and that it is not only 

been set for the Officer in 


MFMA; 

limited to the Accounting Officer. The 

respect of risk management, 



Accounting Officer must also ensure that a risk 

as included in his Performance 


For Municipal Entities: 

assessment is conducted regularly to identify 

Contract. The Accounting 


• Section 95(c)(i) of the 

emerging risks. 

Officer will be evaluated in 


MFMA. 


terms of the requirements set 



High level responsibilities of the Accounting 

out in the Performance 



Officer include: 

Regulations for Municipal 




Managers and Managers 
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to 


Municipal 


Setting the tone at the top by 
supporting ERM and allocating 
resources towards the implementation 
thereof; 

Establishing the necessary structures 
and reporting lines within the institution 
to support ERM; 

Approving the risk management 
strategy, risk management policy, risk 
management implementation plan and 
fraud risk management policy; 
Approving the institution’s risk appetite 
and risk tolerance; 

Influencing an institutional “risk aware” 
culture; 

Approving the code of conduct for the 
institution and holding management 
and officials accountable for 
adherence; 

Place the key risks at the forefront of 
the management agenda and devote 
personal attention to overseeing their 
effective management; 


accountable 

Managers. 








CKDM: RISK MANAGEMENT STRATEGY 


Hold management accountable for 
designing, implementing, monitoring 
and integrating risk management 
principles into their day-to-day 
activities; 

Holding the structures responsible for 
risk management activities 
accountable for adequate 
performance; 

Ensuring that a conducive control 
environment exists to ensure that 
identified risks are proactively 
managed; 

Leverage the Audit Committee, 
Internal Audit, Risk Management 
committee and other appropriate 
structures for assurance on the 
effectiveness of risk management; 
Provide all relevant stakeholders with 
the necessary assurance that key risks 
are properly identified, assessed, 
mitigated and monitored; 












• Consider and act on recommendations 
from the Audit Committee, Internal 
Audit, Risk Management Committee 
and other appropriate structures for 
improving the overall state of risk 
management; 

• Provide appropriate leadership and 
guidance to senior management and 
structures responsible for various 
aspects of risk management; 

• Awareness of and concurring with the 
institution’s risk appetite and tolerance 
levels; 

• Reviewing the institution’s portfolio 
view of risks and considers it against 
the institution’s risk tolerance; 

• Influencing how strategy and 
objectives are established, institutional 
activities are structured, and risks are 
identified, assessed and acted upon; 
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• Requiring that management should 
have an established set of values by 
which every employee should abide 
by; 

• Insist on the achievement of 
objectives, effective performance 
management and value for money; 

• The design and functioning of control 
activities, information and 
communication systems, and 
monitoring activities; 

• The quality and frequency of reporting; 

• The way the institution is managed 
including the type of risks accepted; 

• The appropriateness of reporting lines; 

• Assign responsibility and authority; 

• Insist on accountability. 

• 
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LEGAL MANDATE 

ROLE AND RESPONSIBILITIES 

EVALUATION 

CHIEF RISK 

Legislating the implementation of 

The primary responsibility of the CRO is to 

To measure the CRO’s 

OFFICER (CRO) 

risk management in public sector 

bring to bear his / her specialist expertise to 

effectiveness in leading the 


institutions is part of a macro 

assist the institution to embed and leverage 

institution’s ERM in 


strategy of Government towards 

the benefits of risk management to achieve its 

contributing to the institution’s 


ensuring the achievement of 

stated objectives. 

goals and objectives and key 


national goals and objectives. 


performance indicators will be 



To derive optimal benefits, risk management 

set for the CRO in respect of 


The CRO is bound by the legislation 

ought to be conducted in a systematic manner, 

risk management. The 


applicable to “other Personnel”, as 

using proven methodologies, tools and 

following key performance 


set out below. 

techniques. Focusing on enterprise-wide risk 

indicators for the CRO will be 



management programmes, the CRO is tasked 

considered: 


The following legislative 

with the overall efficiency of the ERM function. 



instruments provide the legal 

This is inclusive of the embedding of risk 

• Maturity on the 


foundation for risk management for 

management practices and fostering a risk 

implementation of the 


“Other Personnel”: 

aware culture within the institution. 

ERM Framework; 




• Risk management 


For CKDM: 

The CRO effectively assumes the role of 

structures active and 


• Section 78 of the MFMA; 

institutional advocate for ERM and brings 

credible; 



specialist expertise to assist in integrating risk 



for Municipal Entities: 

management throughout the institution. 



• Section 105 of the MFMA. 
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High level responsibilities to achieve this 

• Realistic risk 



include: 

management 




implementation plan 



• Working with senior management to 

achieved; 



develop the overall enterprise risk 

• Proactive identification 



management vision, risk management 

of emerging risks to 



strategy, risk management policy, as 

minimize unforeseen 



well as risk appetite and tolerance 

risks; 



levels for approval by the Accounting 

• Implementation 



Authority / Officer; 

progress achieved of 



• Communicating the risk management 

Loss Prevention 



policy, risk management strategy and 

Programme; 



risk management implementation plan 

• Lack of surprises; 



to all stakeholders in the institution; 

• Updated risk profile of 



• Setting up of the risk management 

the institution; 



structure and risk management 

• Updated action plans 



reporting lines within the institution; 

for all material risks. 



• Continuously driving the risk 




management process towards best 

Evaluation will be performed 



practice; 

by the Accounting Officer on 




an annual basis. 
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Developing a common risk 
assessment methodology that is 
aligned with the institution’s objectives 
at strategic, tactical and operational 
levels for approval by the Accounting 
Authority / Officer; 

Coordinating risk assessments within 
the institution / directorate / department 
/ section / on a regular basis; 
Sensitising management timeously of 
the need to perform risk assessments 
for all major changes, capital 
expenditure, projects, institutional 
restructuring and similar events, and 
assist to ensure that the attendant 
processes, particularly reporting, are 
completed efficiently and timeously; 
Assisting management in developing 
and implementing risk responses for 
each identified material risk; 


13 









CKDM: RISK MANAGEMENT STRATEGY 


Ensuring effective information systems 
exist to facilitate overall risk 
management improvement within the 
institution; 

Continuously transferring risk 
management principles and practices, 
through training interventions, to all 
stakeholders within the institution; 
Advising management in the 
development of financing structures; 
Performing an analysis to identify 
emerging risks facing the institution for 
further action and intervention; 
Collating and consolidating the results 
of the various assessments within the 
institution; 

Analysing the results of the 
assessment process to identify trends, 
within the risk and control profile, and 
develop the necessary high-level 
control interventions to manage these 
trends; 


■ 
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• Compiling the necessary reports to the 
Risk Management Committee; 

• Providing input into the development 
and subsequent review of the fraud 
prevention strategy, business 
continuity plans, occupational health, 
safety and environmental policies and 
practices and disaster management 
plans. 

In addition to the above mentioned high level 
responsibilities the CRO needs to possess 
certain attributes to function effectively and 
efficiently. 
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LEGAL MANDATE 

ROLE AND RESPONSIBILITIES 

EVALUATION 

RISK COMMITTEE 

There is currently no legal mandate 

The Risk Management committee is 

To measure the Risk 


for the establishment of a Risk 

responsible for assisting the Accounting 

Management committee’s 


Management committee. However, 

Officer in addressing its oversight 

effectiveness in the 


National Treasury determines that 

requirements of risk management and 

institution’s ERM in 


the role of the Risk Management 

evaluating and monitoring the institution’s 

contribution to the institution’s 


Committee is to develop goals, 

performance with regards to risk 

goals and objectives, clear 


objectives and key performance 

management. The role of the Risk 

objectives and key 


indicators for the committee for 

Management Committee is to formulate, 

performance indicators have 


approval by the Accounting Officer. 

promote and review the institution’s ERM 

been set for the Risk 



objectives, strategy and policy and monitor the 

Management Committee in 



process at strategic, management and 

respect of risk management. 



operational levels. 

The key performance 




indicators for the Risk 



In discharging its oversight responsibilities 

relating to risk management, the Risk 

Management committee are: 



Management committee has the following 

• Risk Management 



high-level responsibilities: 

Policy and Risk 

Management Strategy 



• Review the risk management policy 

and Framework 



and strategy and recommend for 

approved for the 



approval by Council; 

financial year; 
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Review the risk appetite and tolerance 
and recommend for approval by 
Council; 

Review the institution’s risk 
identification and assessment 
methodologies to obtain reasonable 
assurance of the completeness and 
accuracy of the risk register; 

Evaluate the effectiveness of 
mitigating strategies to address the 
material risks of the Institution; 

Report to the Accounting Officer any 
material changes to the risk profile of 
the Institution; 

Review the fraud prevention policy and 
recommend for approval by Council; 
Evaluate the effectiveness of the 
implementation of the fraud prevention 
policy; 

Review any material findings and 
recommendations by assurance 
providers on the system of risk 
management and monitor that 




Risk Management 
Implementation Plan 
approved; 

Annually report on the 
submission of risks 
equal or > risk appetite 
to Risk Committee; 
Review the Risk 
Appetite as per the 
Risk Management 
Policy; 

Quarterly progress 
report of the approved 
Implementation Plan; 
Submission of 

approved Risk 

Committee minutes to 
the Audit Committee 
on a quarterly basis; 
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appropriate action is instituted to 
address the identified weaknesses; 
Develop goals, objectives and key 
performance indicators for the 
Committee for approval by the 
Accounting Officer; 

Develop goals, objectives and key 
performance indicators to measure the 
effectiveness of the risk management 
activity; 

Set out the nature, role, responsibility 
and authority of the risk management 
function within the Institution for 
approval by the Accounting Officer, 
and oversee the performance of the 
risk management function; 

Provide proper and timely reports to 
the Accounting Officer on the state of 
risk management, together with 
aspects requiring improvement 
accompanied by the Committee’s 
recommendations to address such 
issues. 


• Submission of a 
statement / report from 
Risk Committee Chair 
to the Audit Committee 
regarding the Risk 
Committee’s 
performance as per the 
Key Performance 
Indicators on an annual 
basis. 

The Risk Committee will be 
evaluated by the Mayoral 
Committee on an annual 
basis. 
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LEGAL MANDATE 

ROLE AND RESPONSIBILITIES 

EVALUATION 

AUDIT COMMITTEE 

Legislating the implementation of 

The Audit Committee is responsible for 



risk management in public sector 

providing the Accounting Officer with 



institutions is part of a macro 

independent council, advice and direction in 



strategy of Government towards 

respect of risk management. The 



ensuring the achievement of 

stakeholders rely on the Audit Committee for 



national goals and objectives. The 

an independent and objective view of the 



following legislative instruments 

institution’s risks and effectiveness of the risk 



provide the legal foundation for the 

Audit Committee’s responsibility for 

management processes. 



risk management: 

In this way, the Audit Committee provides 




valuable assurance that stakeholder interests 



For CKDM: 

are protected. 



• Section 166 of the MFMA; 

In discharging its oversight responsibilities 



For Municipal Entities: 

relating to risk management, the audit 



• MFMA. 

committee: 



■ 
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Gains thorough understanding of the 
risk management policy, risk 
management strategy, risk 
management implementation plan, 
and fraud risk management policy of 
the institution to enable them to add 
value to the risk management process 
when making recommendations to 
improve the process; 

Reviews and critiques the risk appetite 
and risk tolerance, and recommends 
this for approval by Council; 

Reviews the completeness of the risk 
assessment process implemented by 
management to ensure that all 
possible categories of risks, both 
internal and external to the institution, 
have been identified during the risk 
assessment process. This includes an 
awareness of emerging risks 
pertaining to the institution; 
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Reviews the risk profile and 
management action plans to address 
the risks; 

Reviews the adequacy of adapted risk 
responses; 

The audit committee must monitor the 
progress made with the management 
action plan; 

Reviews the progress made with 
regards to the implementation of the 
risk management strategy of the 
institution; 

Facilitates and monitors the 
coordination of all assurance activities 
implemented by the institution; 
Reviews and recommends any risk 
disclosures in the annual financial 
statements; 

Provides regular feedback to the 
Accounting Officer on the 
effectiveness of the risk management 
process implemented by the 
institution; 
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Review the process implemented by 
Management in respect of fraud 
prevention and ensure that all fraud 
related incidents have been followed 
up appropriately; 

Reviews and ensures that the internal 
audit plans are aligned to the risk 
profile of the institution; 

Review the effectiveness of the 
internal audit assurance activities and 
recommends appropriate action to 
address any shortcomings; 

Review the combined assurance 
model. 
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LEGAL MANDATE 

ROLE AND RESPONSIBILITIES 

EVALUATION 

RISK CHAMPIONS 

Legislating the implementation of 

The Risk champion is a person with the skills, 

To measure the Risk 


risk management in public sector 

knowledge and leadership required to 

Champion’s effectiveness in 


institutions is part of a macro 

champion the risk management cause. 

the institution’s ERM in 


strategy of Government towards 


contributing to the institution’s 


ensuring the achievement of 

A key part of the Risk Champion’s 

goals and objectives, clear 


national goals and objectives. The 

responsibility involves escalating instances 

objectives and key 


Risk Champions are bound by the 

where the risk management efforts are stifled, 

performance indicators should 


legislation applicable to “Other 

such as when individuals try to block ERM 

be set for the Risk Champion 


Personnel”, as set out below. 

initiatives. The Risk champion also adds value 

in respect of risk management. 



to the risk management process by providing 

The key performance 


For CKDM: 

guidance and support to manage 

indicators for the Risk 


• Section 78 of the MFMA; 

“problematic” risks and risks of a transversal 

Champion are: 



nature. 



For Municipal Entities: 


• Resolution of problems 


• Section 105 of the MFMA. 

The Risk Champion acts as a change agent in 

the ERM process and is distinguished from 

risk co-ordinators as they are trouble shooters 

that facilitate resolution of risk related 

problems. 

identified. 
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In order to be an effective and efficient risk 
champion, he / she must: 

• Have a good understanding of risk 
concepts, principles and processes; 

• Have good analytical skills to assist 
with the analysis of root causes to risk 
problems; 

• Leadership and motivational qualities; 

• Have good communication skills. 
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LEGAL MANDATE 

ROLE AND RESPONSIBILITIES 

EVALUATION 

MANAGEMENT 

Management are bound by the 

Management is accountable to the Accounting 

To measure the 


legislation applicable to “other 

Officer for designing, implementing and 

Management’s effectiveness 


Personnel”, as set out below. 

monitoring risk management, and integrating it 

in the institution’s ERM in 



into the day-to-day activities of the institution. 

contributing to the institution’s 


For CKDM: 

This needs to be done in such a manner as to 

goals and objectives, clear 


• Section 78 of the MFMA; 

ensure that risk management becomes a 

objectives and key 



valuable strategic management tool for 

performance indicators should 


For Municipal Entities: 

underpinning the efficacy of service delivery 

be set for the Management in 


• Section 105 of the MFMA. 

and value for money. 

respect of risk management. 




The key performance 



In discharging their high-level responsibilities 

indicators for the Management 



relating to risk management, Management: 

are: 



• Acknowledges the “ownership” of risks 

• The business unit’s 



within their functional areas and all 

performance against 



responsibilities associated with 

key service delivery 



managing such risks; 

indicators, including 



• Cascades risk management into their 

comparison of year-on- 



functional responsibilities; 

year performance; 
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Empowers officials to perform 

• Implementation level of 

adequately in terms of risk 

the ERM Framework 

management responsibilities through 

within their business 

proper communication of 

unit; 

responsibilities, comprehensive 

• Implementation of 

orientation and ongoing opportunities 

credible risk 

for skills development; 

management 

Holds officials accountable for their 

structures within their 

specific risk management 

business unit; 

responsibilities; 

• Proactive identification 

Maintains the functional risk profile 

of emerging / new risks 

within the institution’s risk tolerance 

to avoid surprises; 

and appetite; 

• Zero contravention 

Provides reports on the functional risk 

notices served by 

management consistent with the 

authorities; 

institution’s reporting protocols 

• Service delivery 

(including appearing before 

performance and 

committees); 

improvement; 

Aligns the functional and institutional 

• Improvement in 

risk management methodologies and 

efficiency ratios for 

processes; 

service delivery; 


• % achievement of 


KPI’s; 
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• Implements the directives of the 

• 

Updated risk registers; 



Accounting Officer concerning risk 

• 

Updated action plans; 



management; 

• 

Actual effectiveness of 



• Maintains a harmonious working 


controls validated; 



relationship with the CRO and 

• 

Year-on-year reduction 



supports the CRO in matters 


in incidents/losses; 



concerning the functions risk 

• 

Implementation 



management; 


progress achieved of 



• Maintains a harmonious working 


Loss Prevention 



relationship with the Risk Champion 


Programme; 



and supports the Risk Champion in 

• 

Reduction in fraud; 



matters concerning the functions risk 

• 

Reduction in 



management; 


stakeholder 



• Keeps key functional risks at the 


complaints. 



forefront of the management agenda 

and devote personal attention in 

overseeing the management of these 

risks. 
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LEGAL MANDATE 

ROLE AND RESPONSIBILITIES 

EVALUATION 

OTHER STAFF 

The following legislative 

instruments provide the legal 

foundation for Other Personnel’s 

responsibility for risk management: 

For CKDM: 

• Section 78 of the MFMA; 

For Municipal Entities: 

• Section 105 of the MFMA. 

Other Personnel are accountable to their 

Management for implementing and monitoring 

the process of risk management and 

integrating it into their day-to-day activities. 

High level responsibilities include: 

• Familiarity with the overall enterprise 

risk management vision, risk 

management strategy, fraud risk 

management policy and risk 

management policy; 

• Acting in terms of the spirit and letter of 

the above; 

• Acting within the risk appetite and 

tolerance levels set by the business 

unit; 

• Adhering to the code of conduct for the 

institution; 
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Maintaining the functioning of the 
control environment, information and 
communication as well as the 
monitoring systems within their 
delegated responsibility; 

Providing information and cooperation 
with other role players; 

Participation in risk identification and 
risk assessment within their business 
unit; 

Implementation of risk responses to 
address the identified risks. 
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LEGAL MANDATE 

ROLE AND RESPONSIBILITIES 

EVALUATION 

INTERNAL AUDIT 

The following legislative 

Responsibilities of Internal Audit in risk 



instruments provide the legal 

management include: 



foundation for Internal Audit’s 




responsibility for risk management: 

• Reviewing the risk philosophy of the 




institution. This includes the risk 



For CKDM: 

management policy, risk management 



• Section 165(2)(b)(iv) of the 

strategy, fraud prevention plan, risk 



MFMA; 

management reporting lines, the 



• International Standards for 

values that have been developed for 



the Professional Practice of 

the institution; 



Internal Auditing 

• Reviewing the appropriateness of the 



Performance Standard 

risk tolerance levels set by the 



2110. 

institution taking into consideration the 




risk profile of the institution; 



For Municipal Entities: 

• Providing assurance over the design 



• Section 165(2)(b)(iv) of the 

and functioning of the control 



MFMA; 

environment, information and 



• International Standards for 

communication systems and the 



the Professional Practice of 

monitoring systems; 



Internal Auditing - 
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Performance 

2110 . 


Standard 
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Providing assurance over the 
institution’s risk identification and 
assessment processes; 

Utilising the results of the risk 
assessment to develop long term and 
current year internal audit plans; 
Providing independent assurance as 
to whether the risk management 
strategy, risk management 
implementation plan and fraud 
prevention plan have been effectively 
implemented within the institution; 
Providing independent assurance over 
the adequacy of the control 
environment. This includes providing 
assurance over the effectiveness of 
the internal controls implemented to 
mitigate the identified risks. 
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4. 


RISK MANAGEMENT ACTIVITIES 


4.1 The following are the risk management activities that the District Municipality will 

implement together with the methodology that will be applied in each case: 

4.1.1 RISK ASSESSMENT: 

The District Municipality will as far as possible conduct an enterprise 
risk assessment annually, ie one that will include every directorate, 
department and section, however small or seemingly insignificant 
and no such directorate, department or section may exclude them 
from the assessment. Due to the limited resources available to the 
contracted internal auditors, the project would in all likelihood be 
conducted by an external service provider. Workshops will be held, 
per directorate, to be attended by the relevant Director and all his 
Managers. After conclusion of the workshops and scrutiny of the 
draft result of the assessment, copies of the final document will be 
distributed to each directorate. 

It goes without saying that such an Assessment must be conducted 
in accordance with the IIA Standards. 

4.1.2 RISK TOLERANCE: 

It is important for the institution to make an informed decision on 
how much risk it accepts as part of normal management practice. 
Setting risk tolerance is a collective senior management 
responsibility. The output is a clearly defined tolerable level of risk 
established through a rigorous process of analysis and expert 
management judgement. Depending on the nature of the risk the 
tolerance may be expressed either in qualitative of quantitative 
terms. 
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4.1.3 


RISK MITIGATION: 


After the risk tolerance has been determined, those risks that 
exceed the level are to receive immediate attention by: 

• Revisiting the existing controls that are inadequate; 

• Designing / redesigning processes that provide controls 
that will mitigate the risk; 

• Obtain expert advice from knowledgeable persons / 
companies, etc; 

• To obtain the best possible result, actions taken in 
redesigning controls should be done through a collective 
process by the Director / Manager with their staff who can 
often make valuable contributions to finding solutions. 

4.1.4 MONITORING OF RISK MITIGATION: 

The Accounting Officer is ultimately responsible in ensuring that 
risks that require mitigation receive the necessary attention by 
enhancing existing / designing new control measures. However, the 
directors assume delegation of this duty and ensure that risk 
management is carried through to the managers and all other staff. 
The Risk committee has the responsibility of monitoring the increase 
in the level of the control environment. The Chief Audit Executive 
also has the responsibility in the development of the combined 
assurance plan for the District Municipality. Factors inhibiting the 
implementation of new or revised controls to reduce the risk 
exposure should be reported to the Risk Committee. 

4.1.5 RISK REPORTING STANDARDS: 


Over and above the annual enterprise risk assessment, risks need 
to be identified and reported as soon as possible. This will assist in 
curbing potential and actual loss. 


a 
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5. 


MONITORING OF AND REPORTING ON THE ACHIEVEMENT OF THE RISK 


MANAGEMENT STRATEGY 


5.1 As already mentioned above, this element includes the assessment of whether 
or not key milestones are achieved. More importantly it is also monitoring 
whether the risk management strategy is producing the sustainable outcomes 
as originally envisaged. This falls within the scope of the responsibilities of the 
Chief Risk Officer, Accounting Authority, and the Audit Committee. During the 
initial stages of implementation of the RM Strategy, a brief report should be 
prepared to serve before the Accounting Authority on a monthly basis of which 
the frequency can be extended to quarterly and eventually biannually. 

5.2 The Accounting Authority must evaluate the progress as contained in the report 
and endeavour to resolve hurdles that are inhibiting the RM implementation 
plan. The report plus the Accounting Authority’s comment / recommendation 
should then be submitted to the Audit Committee. 

6. ASSURANCE 

6.1 This process is inseparable from ERM and is as important as the 
aforementioned. A combined assurance plan must be compiled from the risk 
analysis. This will enable management to assign resources efficiently to 
mitigate the risks to an acceptable level and to identify who is responsible for 
each risk. The District Municipality will also on a continuous basis be informed 
of assurance (or not) that risks are being managed efficiently, effectively and 
economically. 

7. RISK MANAGEMENT IMPLEMENTATION PLAN 

7.1 This document will be known as the Risk Management Strategy. The Risk 
Management Strategy focuses on the broad principles and depending on the 
merit a separate risk management implementation plan may be developed for a 
risk activity. 
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7.2 These plans will form part of the monitoring of the achievement of the Risk 

Management Strategy. 

8. REVIEW OF RISK MANAGEMENT STRATEGY 

8.1 The Committee shall review the risk management strategy and recommend to 

Council for approval any amendments that may be required. 
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